Vulnerabilities > CVE-2019-14694 - Use After Free vulnerability in Comodo Antivirus 12.0.0.6870

047910
CVSS 4.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
high complexity
comodo
CWE-416

Summary

A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container.

Vulnerable Configurations

Part Description Count
Application
Comodo
1

Common Weakness Enumeration (CWE)